[netfilter-cvslog] r3258 - in
trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6:
include/linux/netfilter_ipv4 net/ipv4/netfilter
/C=DE/ST=Berlin/L=Berlin/O=Netfilter
/C=DE/ST=Berlin/L=Berlin/O=Netfilter
Fri Oct 22 18:14:56 CEST 2004
Author: /C=DE/ST=Berlin/L=Berlin/O=Netfilter Project/OU=Development/CN=laforge/emailAddress=laforge at netfilter.org
Date: 2004-10-22 18:14:56 +0200 (Fri, 22 Oct 2004)
New Revision: 3258
Modified:
trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_conntrack_pptp.c
trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_conntrack_proto_gre.c
trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_nat_pptp.c
trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_nat_proto_gre.c
Log:
make it actually compile
- move ip_conntrack_proto_gre to seq_file
- adapt ip_nat_proto_gre to skb_ip_make_writeable and return value of m_pkt
- reorder pptp structures in header file in correct order
Modified: trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
===================================================================
--- trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/include/linux/netfilter_ipv4/ip_conntrack_pptp.h 2004-10-22 15:45:57 UTC (rev 3257)
+++ trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/include/linux/netfilter_ipv4/ip_conntrack_pptp.h 2004-10-22 16:14:56 UTC (rev 3258)
@@ -50,24 +50,6 @@
#define IP_CONNTR_PPTP PPTP_CONTROL_PORT
-union pptp_ctrl_union {
- struct PptpStartSessionRequest sreq;
- struct PptpStartSessionReply srep;
- struct PptpStopSessionReqest streq;
- struct PptpStopSessionReply strep;
- struct PptpOutCallRequest ocreq;
- struct PptpOutCallReply ocack;
- struct PptpInCallRequest icreq;
- struct PptpInCallReply icack;
- struct PptpInCallConnected iccon;
- struct PptpClearCallRequest clrreq;
- struct PptpCallDisconnectNotify disc;
- struct PptpWanErrorNotify wanerr;
- struct PptpSetLinkInfo setlink;
-};
-
-
-
#define PPTP_CONTROL_PORT 1723
#define PPTP_PACKET_CONTROL 1
@@ -308,5 +290,21 @@
__u16 pcall_id;
};
+union pptp_ctrl_union {
+ struct PptpStartSessionRequest sreq;
+ struct PptpStartSessionReply srep;
+ struct PptpStopSessionRequest streq;
+ struct PptpStopSessionReply strep;
+ struct PptpOutCallRequest ocreq;
+ struct PptpOutCallReply ocack;
+ struct PptpInCallRequest icreq;
+ struct PptpInCallReply icack;
+ struct PptpInCallConnected iccon;
+ struct PptpClearCallRequest clrreq;
+ struct PptpCallDisconnectNotify disc;
+ struct PptpWanErrorNotify wanerr;
+ struct PptpSetLinkInfo setlink;
+};
+
#endif /* __KERNEL__ */
#endif /* _CONNTRACK_PPTP_H */
Modified: trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_conntrack_pptp.c
===================================================================
--- trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_conntrack_pptp.c 2004-10-22 15:45:57 UTC (rev 3257)
+++ trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_conntrack_pptp.c 2004-10-22 16:14:56 UTC (rev 3258)
@@ -244,6 +244,8 @@
static inline int
pptp_inbound_pkt(struct sk_buff *skb,
+ struct tcphdr *tcph,
+ unsigned int ctlhoff,
size_t datalen,
struct ip_conntrack *ct)
{
@@ -257,11 +259,12 @@
ctlh = skb_header_pointer(skb, ctlhoff, sizeof(_ctlh), &_ctlh);
if (unlikely(!ctlh)) {
DEBUGP("error during skb_header_pointer\n");
- return NF_ACCEPT
+ return NF_ACCEPT;
}
reqlen = datalen - sizeof(struct pptp_pkt_hdr) - sizeof(_ctlh);
- pptpReq = skb_header_pointer(skb, reqoff, reqlen, &_pptpReq);
+ pptpReq = skb_header_pointer(skb, ctlhoff+sizeof(struct pptp_pkt_hdr),
+ reqlen, &_pptpReq);
if (unlikely(!pptpReq)) {
DEBUGP("error during skb_header_pointer\n");
return NF_ACCEPT;
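Review bot: `reqlen` is derived from the packet (`datalen` minus the two header sizes) and then used as the copy length for `skb_header_pointer()` with `&_pptpReq` as the bounce buffer, so a control message longer than that buffer can overrun it when the data is not linear, and a `datalen` smaller than the two headers wraps the unsigned subtraction. I would reject short packets and clamp the length before the call: `if (datalen < sizeof(struct pptp_pkt_hdr) + sizeof(_ctlh)) return NF_ACCEPT;` followed by `if (reqlen > sizeof(_pptpReq)) reqlen = sizeof(_pptpReq);`. The new offset also looks inconsistent: `ctlh` is read at `ctlhoff`, so the request body presumably starts at `ctlhoff + sizeof(_ctlh)` rather than `ctlhoff + sizeof(struct pptp_pkt_hdr)`. The declarations of `reqlen` and `_pptpReq` are outside the hunk, so their types are assumed here, and pptp_inbound_pkt continues past it.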
@@ -443,6 +446,8 @@
static inline int
pptp_outbound_pkt(struct sk_buff *skb,
+ struct tcphdr *tcph,
+ unsigned int ctlhoff,
size_t datalen,
struct ip_conntrack *ct)
{
@@ -523,7 +528,7 @@
DEBUGP("%s, CID=%X\n", strMName[msg], ntohs(*pcid));
/* part two of the three-way handshake */
info->cstate = PPTP_CALL_IN_REP;
- info->pns_call_id = ntohs(pptpReq.icack->callID);
+ info->pns_call_id = ntohs(pptpReq->icack.callID);
break;
case PPTP_CALL_CLEAR_REQUEST:
@@ -568,6 +573,7 @@
void *datalimit;
int dir = CTINFO2DIR(ctinfo);
struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info;
+ unsigned int nexthdr_off;
int oldsstate, oldcstate;
int ret;
@@ -579,16 +585,18 @@
return NF_ACCEPT;
}
+ nexthdr_off = skb->nh.iph->ihl*4;
+ tcph = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_tcph),
+ &_tcph);
+ if (!tcph)
+ return NF_ACCEPT;
+
/* not a complete TCP header? */
if (tcplen < sizeof(struct tcphdr) || tcplen < tcph->doff * 4) {
DEBUGP("tcplen = %u\n", tcplen);
return NF_ACCEPT;
}
- tcph = skb_header_pointer(skb, skb->nh.iph->ihl*4, sizeof(_tcph),
- &_tcph);
- if (!tcph)
- return NF_ACCEPT;
datalen = tcplen - tcph->doff * 4;
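Review bot: The completeness check that follows the moved `skb_header_pointer()` call still accepts a header whose `doff` is below 5, because `tcplen < tcph->doff * 4` only bounds it from above; `datalen` and the later `nexthdr_off` would then be computed from an offset inside the fixed TCP header. Unless the TCP tracker is known to drop such packets before helpers run, add `tcph->doff * 4 < sizeof(struct tcphdr)` to the condition. As a point of style, this call and the `pptph` lookup in the next hunk could take `nexthdr_off` instead of recomputing `skb->nh.iph->ihl*4 + tcph->doff*4`, so the tracked offset and the offset actually read cannot drift apart. The enclosing function starts and ends outside the hunk.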
@@ -609,6 +617,7 @@
pptp_timeout_related(ct);
}
+ nexthdr_off += tcph->doff*4;
pptph = skb_header_pointer(skb, skb->nh.iph->ihl*4 + tcph->doff*4,
sizeof(_pptph), &_pptph);
if (!pptph) {
@@ -630,14 +639,15 @@
LOCK_BH(&ip_pptp_lock);
+ nexthdr_off += sizeof(_pptph);
/* FIXME: We just blindly assume that the control connection is always
* established from PNS->PAC. However, RFC makes no guarantee */
if (dir == IP_CT_DIR_ORIGINAL)
/* client -> server (PNS -> PAC) */
- ret = pptp_outbound_pkt(skb, datalen, ct);
+ ret = pptp_outbound_pkt(skb, tcph, nexthdr_off, datalen, ct);
else
/* server -> client (PAC -> PNS) */
- ret = pptp_inbound_pkt(skb, datalen, ct);
+ ret = pptp_inbound_pkt(skb, tcph, nexthdr_off, datalen, ct);
DEBUGP("sstate: %d->%d, cstate: %d->%d\n",
oldsstate, info->sstate, oldcstate, info->cstate);
UNLOCK_BH(&ip_pptp_lock);
Modified: trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_conntrack_proto_gre.c
===================================================================
--- trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_conntrack_proto_gre.c 2004-10-22 15:45:57 UTC (rev 3257)
+++ trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_conntrack_proto_gre.c 2004-10-22 16:14:56 UTC (rev 3258)
@@ -181,8 +181,8 @@
struct gre_hdr_pptp _pgrehdr, *pgrehdr;
u_int32_t srckey;
- grehdr = skb_header_pointer(skb, dataoff, &_grehdr, sizeof(_grehdr));
- pgrehdr = skb_header_pointer(skb, dataoff, &_pgrehdr, sizeof(_pgrehdr));
+ grehdr = skb_header_pointer(skb, dataoff, sizeof(_grehdr), &_grehdr);
+ pgrehdr = skb_header_pointer(skb, dataoff, sizeof(_pgrehdr), &_pgrehdr);
if (!grehdr || !pgrehdr)
return 0;
@@ -222,21 +222,21 @@
}
/* print gre part of tuple */
-static unsigned int gre_print_tuple(char *buffer,
- const struct ip_conntrack_tuple *tuple)
+static int gre_print_tuple(struct seq_file *s,
+ const struct ip_conntrack_tuple *tuple)
{
- return sprintf(buffer, "srckey=0x%x dstkey=0x%x ",
- ntohl(tuple->src.u.gre.key),
- ntohl(tuple->dst.u.gre.key));
+ return seq_printf(s, "srckey=0x%x dstkey=0x%x ",
+ ntohl(tuple->src.u.gre.key),
+ ntohl(tuple->dst.u.gre.key));
}
/* print private data for conntrack */
-static unsigned int gre_print_conntrack(char *buffer,
- const struct ip_conntrack *ct)
+static int gre_print_conntrack(struct seq_file *s,
+ const struct ip_conntrack *ct)
{
- return sprintf(buffer, "timeout=%u, stream_timeout=%u ",
- (ct->proto.gre.timeout / HZ),
- (ct->proto.gre.stream_timeout / HZ));
+ return seq_printf(s, "timeout=%u, stream_timeout=%u ",
+ (ct->proto.gre.timeout / HZ),
+ (ct->proto.gre.stream_timeout / HZ));
}
/* Returns verdict for packet, and may modify conntrack */
@@ -290,17 +290,19 @@
}
/* protocol helper struct */
-static struct ip_conntrack_protocol gre = { { NULL, NULL }, IPPROTO_GRE,
- "gre",
- gre_pkt_to_tuple,
- gre_invert_tuple,
- gre_print_tuple,
- gre_print_conntrack,
- gre_packet,
- gre_new,
- gre_destroy,
- NULL,
- THIS_MODULE };
+static struct ip_conntrack_protocol gre = {
+ .proto = IPPROTO_GRE,
+ .name = "gre",
+ .pkt_to_tuple = gre_pkt_to_tuple,
+ .invert_tuple = gre_invert_tuple,
+ .print_tuple = gre_print_tuple,
+ .print_conntrack = gre_print_conntrack,
+ .packet = gre_packet,
+ .new = gre_new,
+ .destroy = gre_destroy,
+ .exp_matches_pkt = NULL,
+ .me = THIS_MODULE
+};
/* ip_conntrack_proto_gre initialization */
static int __init init(void)
Modified: trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_nat_pptp.c
===================================================================
--- trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_nat_pptp.c 2004-10-22 15:45:57 UTC (rev 3257)
+++ trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_nat_pptp.c 2004-10-22 16:14:56 UTC (rev 3258)
@@ -152,7 +152,7 @@
((void *)tcph + tcph->doff*4);
struct PptpControlHeader *ctlh;
- union pptp_ctrl_union pptpReq;
+ union pptp_ctrl_union *pptpReq;
struct ip_ct_pptp_master *ct_pptp_info = &ct->help.ct_pptp_info;
struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info;
@@ -160,13 +160,13 @@
/* FIXME: size checks !!! */
ctlh = (struct PptpControlHeader *) ((void *) pptph + sizeof(*pptph));
- pptpReq.rawreq = (void *) ((void *) ctlh + sizeof(*ctlh));
+ pptpReq = (void *) ((void *) ctlh + sizeof(*ctlh));
new_callid = htons(ct_pptp_info->pns_call_id);
switch (msg = ntohs(ctlh->messageType)) {
case PPTP_OUT_CALL_REQUEST:
- cid = &pptpReq.ocreq->callID;
+ cid = &pptpReq->ocreq.callID;
/* FIXME: ideally we would want to reserve a call ID
* here. current netfilter NAT core is not able to do
* this :( For now we use TCP source port. This breaks
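Review bot: `pptpReq` is now a pointer computed straight from `ctlh`, and the `switch` takes the address of `callID` inside it with no check that the TCP payload actually extends that far, which the `FIXME: size checks !!!` comment above still leaves open. Before the `switch`, the payload length should be compared with `sizeof(*pptph) + sizeof(*ctlh)` plus the size of the message struct being accessed, and the function should return without mangling when the packet is too short. The same applies to the inbound function in the `@@ -243,14 +243,14 @@` hunk. How the payload length is available at this point is not visible in the hunk, so the exact variable to test needs confirming.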
@@ -183,10 +183,10 @@
ct_pptp_info->pns_call_id = ntohs(new_callid);
break;
case PPTP_IN_CALL_REPLY:
- cid = &pptpReq.icreq->callID;
+ cid = &pptpReq->icreq.callID;
break;
case PPTP_CALL_CLEAR_REQUEST:
- cid = &pptpReq.clrreq->callID;
+ cid = &pptpReq->clrreq.callID;
break;
default:
DEBUGP("unknown outbound packet 0x%04x:%s\n", msg,
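Review bot: `case PPTP_IN_CALL_REPLY` reads `callID` through `icreq`, which the header declares as `struct PptpInCallRequest`, while the union offers `icack` (`struct PptpInCallReply`) for this message and ip_conntrack_pptp.c uses `pptpReq->icack.callID` in what appears to be the matching case. If `callID` is the first field of both structs the result is the same, but `cid = &pptpReq->icack.callID;` names the message actually being handled and stays correct if the two layouts ever differ.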
@@ -231,7 +231,7 @@
((void *)tcph + tcph->doff*4);
struct PptpControlHeader *ctlh;
- union pptp_ctrl_union pptpReq;
+ union pptp_ctrl_union *pptpReq;
struct ip_ct_pptp_master *ct_pptp_info = &ct->help.ct_pptp_info;
struct ip_nat_pptp *nat_pptp_info = &ct->nat.help.nat_pptp_info;
@@ -243,14 +243,14 @@
/* FIXME: size checks !!! */
ctlh = (struct PptpControlHeader *) ((void *) pptph + sizeof(*pptph));
- pptpReq.rawreq = (void *) ((void *) ctlh + sizeof(*ctlh));
+ pptpReq = (void *) ((void *) ctlh + sizeof(*ctlh));
new_pcid = htons(nat_pptp_info->pns_call_id);
switch (msg = ntohs(ctlh->messageType)) {
case PPTP_OUT_CALL_REPLY:
- pcid = &pptpReq.ocack->peersCallID;
- cid = &pptpReq.ocack->callID;
+ pcid = &pptpReq->ocack.peersCallID;
+ cid = &pptpReq->ocack.callID;
if (!oldexp) {
DEBUGP("outcall but no expectation\n");
break;
@@ -292,7 +292,7 @@
ip_ct_gre_keymap_change(oldexp->proto.gre.keymap_reply, &inv_t);
break;
case PPTP_IN_CALL_CONNECT:
- pcid = &pptpReq.iccon->peersCallID;
+ pcid = &pptpReq->iccon.peersCallID;
if (!oldexp)
break;
old_dst_ip = oldexp->tuple.dst.ip;
@@ -317,10 +317,10 @@
/* only need to nat in case PAC is behind NAT box */
break;
case PPTP_WAN_ERROR_NOTIFY:
- pcid = &pptpReq.wanerr->peersCallID;
+ pcid = &pptpReq->wanerr.peersCallID;
break;
case PPTP_CALL_DISCONNECT_NOTIFY:
- pcid = &pptpReq.disc->callID;
+ pcid = &pptpReq->disc.callID;
break;
default:
Modified: trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_nat_proto_gre.c
===================================================================
--- trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_nat_proto_gre.c 2004-10-22 15:45:57 UTC (rev 3257)
+++ trunk/patch-o-matic-ng/pptp-conntrack-nat/linux-2.6/net/ipv4/netfilter/ip_nat_proto_gre.c 2004-10-22 16:14:56 UTC (rev 3258)
@@ -76,12 +76,9 @@
keyptr = &tuple->dst.u.gre.key;
if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) {
-
DEBUGP("%p: NATing GRE PPTP\n", conntrack);
min = 1;
range_size = 0xffff;
- break;
-
} else {
min = ntohl(range->min.gre.key);
range_size = ntohl(range->max.gre.key) - min + 1;
@@ -101,7 +98,7 @@
}
/* manipulate a GRE packet according to maniptype */
-static void
+static int
gre_manip_pkt(struct sk_buff **pskb,
unsigned int hdroff,
const struct ip_conntrack_manip *manip,
@@ -110,11 +107,11 @@
struct gre_hdr *greh;
struct gre_hdr_pptp *pgreh;
- if (!skb_ip_make_writable(pskb, hdroff + sizeof(hdr)))
+ if (!skb_ip_make_writable(pskb, hdroff + sizeof(*pgreh)))
return 0;
greh = (void *)(*pskb)->data + hdroff;
- pgreh = greh;
+ pgreh = (struct gre_hdr_pptp *) greh;
/* we only have destination manip of a packet, since 'source key'
* is not present in the packet itself */
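Review bot: `skb_ip_make_writable(pskb, hdroff + sizeof(*pgreh))` now demands the full PPTP-style GRE header before the GRE version has been examined, so a packet carrying a shorter plain GRE header and little payload would fail here and make `gre_manip_pkt` return 0. If only the key field is rewritten further down (that code is outside this hunk), requesting `sizeof(*greh)` first and the larger size only in the PPTP branch would avoid rejecting such packets. At minimum a comment like `/* PPTP header size needed: the key rewritten below lives in it */` would document why the larger size is requested.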
@@ -142,9 +139,11 @@
break;
default:
DEBUGP("can't nat unknown GRE version\n");
+ return 0;
break;
}
}
+ return 1;
}
/* print out a nat tuple */
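Review bot: The `break;` left after the new `return 0;` in the `default:` branch is unreachable and can be dropped. The function also changes from `void` to `int` without stating the return convention; a header comment such as `/* returns 1 on success, 0 if the packet could not be made writable or the GRE version is unknown */` would make the contract explicit. What the caller does with a 0 return is not visible here, so it is worth confirming that failing on an unknown GRE version is the intended outcome.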
@@ -184,14 +183,15 @@
}
/* nat helper struct */
-static struct ip_nat_protocol gre =
- { { NULL, NULL }, "GRE", IPPROTO_GRE,
- gre_manip_pkt,
- gre_in_range,
- gre_unique_tuple,
- gre_print,
- gre_print_range
- };
+static struct ip_nat_protocol gre = {
+ .name = "GRE",
+ .protonum = IPPROTO_GRE,
+ .manip_pkt = gre_manip_pkt,
+ .in_range = gre_in_range,
+ .unique_tuple = gre_unique_tuple,
+ .print = gre_print,
+ .print_range = gre_print_range
+};
static int __init init(void)
{